Abstract. We present a unifying framework for type systems for process calculi. The core
of the system provides an accurate correspondence between essentially functional processes and 
linear logic proofs; fragments of this system correspond to previously known connections between 
proofs and processes. We show how the addition of extra logical axioms can widen the class of 
typeable processes in exchange for the loss of some computational properties like lock-freeness or 
termination, allowing us to see various well studied systems (like i/o types, linearity, control) as 
instances of a general pattern. This suggests unified methods for extending existing type systems 
with new features while staying in a well structured environment and constitutes a step towards 
the study of denotational semantics of processes using proof-theoretical methods. 


1 Introduction 

Process calculi are a wide range of formalisms designed to model concurrent systems and reason 
about them by means of term rewriting. Their applications are diverse, from the semantics of 
proof systems to the conception of concrete programming languages. Type systems for such 
calculi are therefore a wide domain, with systems of different kinds designed to capture
different behaviours and ensure different properties of processes: basic interfacing, input-output
discipline, linearity, lock-freeness, termination, respect of communication
protocols, functional or sequential behaviour.

In order to better understand the diversity of calculi and uncover basic structures and general 
patterns, many authors have searched for languages with simpler or more general theory in which 
most features could be expressed by means of restrictions or codings: asynchrony [7], internal
mobility [26], name fusions, solos, etc. It is natural to search for similar unification
in the realm of type systems, and the aim of this paper is to make a step towards this
long-term objective. Our ideal system would be simple enough so that general properties could be
reasonably easy to obtain and expressive enough so that most interesting type systems could 
naturally be expressed in it in a structured way. 

For this purpose, we will take inspiration and tools from proof theory. A useful analogue is the
famous and fruitful Curry-Howard correspondence: at the core is the simply typed λ-calculus,
which matches minimal intuitionistic logic and ensures strong normalisation. The type language
can be extended for expressiveness (with quantifiers, dependent types, polymorphism, etc.),
classical logic can be embedded in it by CPS translation or by adding logical rules. Furthermore,
extending it with a simple type equation $D = D \to D$ yields the full untyped calculus where
normalisation is lost, but the identification of this equation leads to the definition of abstract 
structures that are useful for denotational semantics. 

We claim that the analogue of simple types for process calculi is to be found in linear logic,
and we propose a new implementation of this idea. Of course, term assignment systems for
linear logic proofs have been proposed in the past by various authors but no such system
has yet appeared as a satisfactory type system for processes (because of too much constraint on
the syntactic structure of terms), with the notable exception of Honda and Laurent’s result [15]
which precisely matches a proper type system for the π-calculus with a meaningful class of proof
nets.

The novelty of our approach is to distinguish two aspects in typing: firstly we have a typing
rule for each syntactic construct independently, secondly we have a subtyping relation that
implements logical reasoning without affecting the structure of terms; this subtyping is nothing
else than entailment in linear logic (actually a reasonable fragment of it), which allows us to use
all existing theory for reasoning about it. In this method, we insist on treating seriously the
fundamental structures of both the process calculus and the logic, the fundamental example
being that typing is preserved both by structural congruence on processes and by logical
isomorphism between types (and these are closely related). This is necessary for developing logic-based
semantics of processes in future works, using existing tools and methods from the semantics of 
proofs and of processes. 

This paper is divided in two parts. In section 2 we define our basic type system for the
polyadic π-calculus and we discuss variations around the same principles for alternative calculi.
In section 3 we review several type systems and term assignment systems and show how they
fit in our framework, by means of extra logical axioms and syntactic restrictions. Section 4
concludes by discussing shortcomings, extensions and ideas for future work.


2 The basic typed calculus 

2.1 Syntax 

Processes are terms of the standard polyadic π-calculus with input-guarded replication (and no
sum in the present paper), with type annotations on name creation. In our type system, we will
derive judgements of the form $E \vdash P$ where $E$ is an environment type and $P$ is a process term.
Such a judgement is to be understood as “$P$ is well-formed under the contract of the environment
$E$”. Environment types are made of capability assignments of the shape $x : T$ where $x$ is a channel
name and $T$ a capability type, combined using logical connectives. Capability types consist of
an input or output capability (written $\downarrow$ and $\uparrow$ respectively) together with a behaviour type for
the data that is communicated, and behaviour types are capability types combined using logical
connectives.

1 Definition (typed terms). The grammar of types and processes is defined in table 1.

Remark that we do not force each channel name to occur only once in an environment type,
and this is a fundamental feature of our system. It notably allows name substitution $E[u/x]$ to
make sense even when it equalises some names.

The name creation operator $(\nu x)$ is annotated with a type $A$ and a kind $k$ that distinguishes
between linear and non-linear channels. Contrary to usual practice, the type $A$ is not the type
that $x$ itself will have, but the type of the data that $x$ will transport. In statements where the
kind and type of a channel are unimportant, we use the standard notation $(\nu x)$.

The logical connectives used in environments and behaviours are those of multiplicative-exponential
linear logic. This logic, recalled in table 2, is used to reason about behaviours of
processes. The key ingredient is that logical consequence is interpreted as subtyping: if $E$ and
$F$ are environments such that $E$ entails $F$, then a process that respects $F$ will respect $E$.

2 Definition (subtyping). The subtyping preorder $\leq$ over environments is such that $E \leq F$
holds when $\vdash E^\perp \parr F$ is provable in MELL using capability assignments as atomic formulas. The
associated equivalence is written $\simeq$.
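\[
\begin{array}{llll}
\text{Capabilities:} & T, U := & {\downarrow}A & \text{input} \\
 & & {\uparrow}A & \text{output} \\
\text{Behaviours:} & A, B := & T,\ {!}T,\ {?}T & \text{capability (linear, replicable, multiple)} \\
 & & A \otimes B,\ A \parr B & \text{concatenation (independent, correlated)} \\
 & & 1,\ \bot & \text{empty tuple (neutral for $\otimes$ or $\parr$)} \\
\text{Environments:} & E, F := & x : T,\ {!}x : T,\ {?}x : T & \text{capability assignment} \\
 & & E \otimes F,\ E \parr F & \text{union (independent or correlated)} \\
 & & 1,\ \bot & \text{empty environment (neutral for $\otimes$ or $\parr$)} \\
\text{Processes:} & P, Q := & u(\vec x).P & \text{input prefix} \\
 & & {!}u(\vec x).P & \text{replicated input prefix} \\
 & & \bar u\langle\vec v\rangle.P & \text{output prefix} \\
 & & 0 & \text{inactive process} \\
 & & P \mid Q & \text{parallel composition} \\
 & & (\nu x : A^k)P & \text{name creation, with $k \in \{1, \omega\}$}
\end{array}
\]

Table 1: The syntax of types and process terms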


Formulas of MELL with capability assignments as atoms and where modalities ? and ! are
only applied to literals (atoms and atom negations) will be called environment formulas; they will
be useful for reasoning about typed processes. Environment types correspond to such formulas
with only positive atoms, i.e. without negation.

3 Definition (typing judgement). Typing judgements have the shape $E \vdash P$ where $E$ is an
environment type and $P$ is a process term. They are derived using the rules of table 3.

The notation $\vec x : A$ where $A$ is a behaviour type stands for the environment type obtained
by annotating each capability in $A$ by a name in the sequence $\vec x$, respecting the left-to-right
order, assuming that the length of $\vec x$ matches the number of capabilities in $A$. For instance,
$xyz : (T \parr 1) \otimes {?}U \otimes \bot \otimes V$ stands for $((x : T) \parr 1) \otimes {?}(y : U) \otimes \bot \otimes (z : V)$.

Note that process terms have no type, in other words there is a unique type for processes
which means “well-formed”; it is also the case for instance in i/o types with linearity, as studied
in section 3.1. Of course, it would be strictly equivalent to consider that, in $E \vdash P$, the formula
$E^\perp$ is the type of $P$: this is what usually happens in systems more oriented towards logic, like
those studied in sections 3.2 and 3.3.

Remark that input and output capabilities are logically not dual, in the sense of being a negation
of each other: $(u : {\downarrow}A)^\perp$ and $u : {\uparrow}A$ are just distinct literals. Actual duality between input
and output is established by the typing rules for name creation, for instance NEW$_1$ corresponds
to setting the formula $x : {\uparrow}A \parr x : {\downarrow}A$ as an axiom, which does represent the creation of a name
$x$ with one occurrence of each capability, where capabilities are dual.

In the statements and proofs, the types for channels in premisses of NEW rules are used in
many places. For readability and conciseness, we introduce the following notations:

\[ [x]^1_A := x : {\uparrow}A \parr x : {\downarrow}A, \qquad [x]^\omega_A := {!}x : {\uparrow}A \parr {?}x : {\downarrow}A. \]

In $[x]^k_A$, we may keep $k$ or $A$ implicit when the details are unimportant. This way, the rules
NEW$_1$ and NEW$_\omega$ are simplified into a single form:

\[ \cfrac{[x]^k_A \otimes E \vdash P}{E \vdash (\nu x : A^k)P}\ \text{NEW}_k \qquad \text{where $x$ does not occur in $E$.} \]
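Formulas, assuming a given set of atoms written $\alpha, \beta, \ldots$:

\[ A, B := \alpha,\ \alpha^\perp,\ A \otimes B,\ A \parr B,\ 1,\ \bot,\ {!}A,\ {?}A \]

Linear negation $(\cdot)^\perp$ is the involution over formulas such that:

\[ (\alpha^\perp)^\perp = \alpha \qquad (A \otimes B)^\perp = A^\perp \parr B^\perp \qquad 1^\perp = \bot \qquad ({!}A)^\perp = {?}A^\perp \]

Sequents are finite multisets of formulas, they are proved using the following rules:

\[
\cfrac{}{\vdash A^\perp, A}\ \text{ax}
\qquad
\cfrac{\vdash \Gamma, A \qquad \vdash \Delta, A^\perp}{\vdash \Gamma, \Delta}\ \text{cut}
\qquad
\cfrac{}{\vdash 1}\ 1
\qquad
\cfrac{\vdash \Gamma}{\vdash \Gamma, \bot}\ \bot
\]
\[
\cfrac{\vdash \Gamma, A \qquad \vdash \Delta, B}{\vdash \Gamma, \Delta, A \otimes B}\ \otimes
\qquad
\cfrac{\vdash \Gamma, A, B}{\vdash \Gamma, A \parr B}\ \parr
\]
\[
\cfrac{\vdash \Gamma}{\vdash \Gamma, {?}A}\ \text{w}
\qquad
\cfrac{\vdash \Gamma, A}{\vdash \Gamma, {?}A}\ \text{d}
\qquad
\cfrac{\vdash \Gamma, {?}A, {?}A}{\vdash \Gamma, {?}A}\ \text{c}
\qquad
\cfrac{\vdash {?}A_1, \ldots, {?}A_n, B}{\vdash {?}A_1, \ldots, {?}A_n, {!}B}\ {!}
\]

Table 2: Multiplicative-exponential linear logic (MELL)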


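\[
\cfrac{}{\bot \vdash 0}\ \text{NOP}
\qquad
\cfrac{E \vdash P \qquad F \vdash Q}{E \parr F \vdash P \mid Q}\ \text{PARA}
\qquad
\cfrac{E \leq F \qquad F \vdash P}{E \vdash P}\ \text{SUB}
\]
\[
\cfrac{\vec x : A \otimes E \vdash P}{u : {\downarrow}A \otimes E \vdash u(\vec x).P}\ \text{IN}
\qquad
\cfrac{\vec x : A \otimes E' \vdash P}{{?}u : {\downarrow}A \otimes E' \vdash {!}u(\vec x).P}\ \text{IN!}
\qquad
\cfrac{E \vdash P}{u : {\uparrow}A \otimes (\vec v : A \parr E) \vdash \bar u\langle\vec v\rangle.P}\ \text{OUT}
\]
\[
\cfrac{(x : {\uparrow}A \parr x : {\downarrow}A) \otimes E \vdash P}{E \vdash (\nu x : A^1)P}\ \text{NEW}_1
\qquad
\cfrac{({!}x : {\uparrow}A \parr {?}x : {\downarrow}A) \otimes E \vdash P}{E \vdash (\nu x : A^\omega)P}\ \text{NEW}_\omega
\]

• In the NEW rules, the name $x$ must not occur in the environment $E$.

• In the IN rules, the names in $\vec x$ must not occur in the environments $E$ and $E'$.

• In IN!, $E'$ stands for an environment of the shape ${!}y_1 : T_1 \otimes \ldots \otimes {!}y_n : T_n$.


Table 3: Typing rules for processes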
Moreover, in applications of the SUB rule, we will keep the premiss $E \leq F$ implicit since $E$ and
$F$ are the environments of the conclusion and premiss respectively.

4 Lemma. A judgement $E \vdash P$ holds if and only if it has a derivation where SUB rules appear
only right above IN and NEW rules and at the root of the proof.

Proof. Firstly, it is clear that successive uses of the SUB rule can always be gathered into one
thanks to the cut rule of MELL. We may thus assume without loss of generality that no SUB rule
occurs above another SUB rule. Then one easily checks by case analysis on the proofs that each
SUB rule can be commuted down with any rule except NEW and IN rules because these impose
constraints on the context of their premiss. □

This lemma allows us to consider a restricted form of derivation when reasoning on typed
processes. In order to establish subject reduction in the next section, we will also need the
following general properties of MELL proofs:

5 Lemma (substitutivity). If $\vdash \Gamma$ is a provable sequent in MELL, then for all propositional
variable $\alpha$ and formula $A$ the sequent $\vdash \Gamma[A/\alpha]$ is also provable.

6 Lemma (interpolation). Let $\Gamma$ and $\Delta$ be two multisets of MELL formulas. If $\vdash \Gamma, \Delta$ is
provable, then there exists a formula $F$ that contains only literals present in both $\Gamma^\perp$ and $\Delta$ such
that the sequents $\vdash \Gamma, F$ and $\vdash F^\perp, \Delta$ are provable.

Both lemmas are easily proved by structural induction over proofs (a detailed proof for
lemma 6 can be found in appendix A.1). They actually hold for full linear logic but we state
them in MELL because it is the fragment we use in this paper.


2.2 Execution 

Our presentation of execution uses structural congruence and reduction, because it provides 
simpler statements than a presentation using a labelled transition system. 

7 Definition (structural congruence). The congruence $\equiv$ over process terms is defined by
abelian monoid laws for parallel composition and the standard scoping rules:

\[ (P \mid Q) \mid R \equiv P \mid (Q \mid R) \qquad P \mid Q \equiv Q \mid P \qquad P \mid 0 \equiv P \]
\[ (\nu x : A^k)(\nu y : B^\ell)P \equiv (\nu y : B^\ell)(\nu x : A^k)P \qquad P \mid (\nu x : A^k)Q \equiv (\nu x : A^k)(P \mid Q) \]

where $x \neq y$ and $x$ does not occur free in $P$ in the last rule.

8 Lemma. Typing is preserved by structural congruence.

Proof. This is proved by checking each axiom of structural congruence. Most cases are direct,
the only technical point is the proof that if $(\nu x : A^k)(P \mid Q)$ is typeable and $x$ does not occur in
$P$, then $P \mid (\nu x : A^k)Q$ has the same type. We transform a generic typing of $(\nu x : A^k)(P \mid Q)$
into a typing of $P \mid (\nu x : A^k)Q$ as follows:

\[
\cfrac{\cfrac{\cfrac{E \vdash P \qquad F \vdash Q}{E \parr F \vdash P \mid Q}\ \text{PARA}}{[x]^k_A \otimes G \vdash P \mid Q}\ \text{SUB}}{G \vdash (\nu x : A^k)(P \mid Q)}\ \text{NEW}_k
\quad\longrightarrow\quad
\cfrac{\cfrac{E \vdash P \qquad \cfrac{\cfrac{F \vdash Q}{[x]^k_A \otimes H \vdash Q}\ \text{SUB}}{H \vdash (\nu x : A^k)Q}\ \text{NEW}_k}{E \parr H \vdash P \mid (\nu x : A^k)Q}\ \text{PARA}}{G \vdash P \mid (\nu x : A^k)Q}\ \text{SUB}
\]

In order to find the environment $H$, remark that the subtyping on the left is justified by an
MELL proof of $\vdash ([x]^k_A)^\perp, G^\perp, E, F$. By lemma 6 there is a formula $H$ such that $\vdash G^\perp, E, H$
and $\vdash H^\perp, ([x]^k_A)^\perp, F$ are provable and the literals in $H$ occur both in $G, E^\perp$ and in $([x]^k_A)^\perp, F$.
By hypothesis $x$ does not occur in $P$ hence not in $E$, and not in $G$ either by the side-condition
on NEW$_k$, so there is no $x$ in $H$. Hence the literals in $H$ occur in $F$ so they are positive and $H$
is an environment type. The proofs of $\vdash G^\perp, E, H$ and $\vdash H^\perp, ([x]^k_A)^\perp, F$ justify the SUB rules on
the right. The other cases are detailed in appendix A.2. □

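9 Definition (reduction). Reduction is the relation $\xrightarrow{\ell}$ where $\ell$ is either a name or the symbol
$\tau$. It is generated by the rules

\[ \bar u\langle\vec v\rangle.P \mid u(\vec x).Q \xrightarrow{u} P \mid Q[\vec v/\vec x] \qquad \bar u\langle\vec v\rangle.P \mid {!}u(\vec x).Q \xrightarrow{u} P \mid Q[\vec v/\vec x] \mid {!}u(\vec x).Q \]

extended to arbitrary contexts as

\[
\cfrac{P \xrightarrow{\ell} P'}{P \mid Q \xrightarrow{\ell} P' \mid Q}
\qquad
\cfrac{P \xrightarrow{\ell} P' \qquad \ell \neq u}{(\nu u)P \xrightarrow{\ell} (\nu u)P'}
\qquad
\cfrac{P \xrightarrow{u} P'}{(\nu u : A^1)P \xrightarrow{\tau} P'}
\qquad
\cfrac{P \xrightarrow{u} P'}{(\nu u : A^\omega)P \xrightarrow{\tau} (\nu u : A^\omega)P'}
\]

and saturated under structural congruence.

The only difference with standard reduction is that we delete linear name creations as soon
as their name is used. This is consistent with the linearity requirement, moreover in typed
processes this requirement is fulfilled. In plain π-calculus this operation would be handled by
the congruence rule $(\nu x)P \equiv P$ if $x$ is not free in $P$, but we choose not to use this approach here
in order to avoid an extra kind of “new” operator just for this case.

10 Theorem (subject reduction). For every typed term $\Gamma \vdash P$ and execution step $P \xrightarrow{\tau} P'$, the
judgement $\Gamma \vdash P'$ is derivable.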

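Proof. Thanks to lemma 8 we can reason up to structural congruence. For an interaction step
on a linear channel, we have $(\nu u : A^1)(\bar u\langle\vec v\rangle.P \mid u(\vec x).Q) \xrightarrow{\tau} P \mid Q[\vec v/\vec x]$. The left-hand side is typed
as follows (using the simplification from lemma 5):

\[
\cfrac{\cfrac{\cfrac{\cfrac{E \vdash P}{u : {\uparrow}A \otimes (\vec v : A \parr E) \vdash \bar u\langle\vec v\rangle.P}\ \text{OUT} \qquad \cfrac{\vec x : A \otimes F \vdash Q}{u : {\downarrow}A \otimes F \vdash u(\vec x).Q}\ \text{IN}}{(u : {\uparrow}A \otimes (\vec v : A \parr E)) \parr (u : {\downarrow}A \otimes F) \vdash \bar u\langle\vec v\rangle.P \mid u(\vec x).Q}\ \text{PARA}}{(u : {\uparrow}A \parr u : {\downarrow}A) \otimes H \vdash \bar u\langle\vec v\rangle.P \mid u(\vec x).Q}\ \text{SUB}}{H \vdash (\nu u : A^1)(\bar u\langle\vec v\rangle.P \mid u(\vec x).Q)}\ \text{NEW}_1
\]

with the hypothesis that no name in $\vec x$ occurs in $F$. The SUB rule is justified by an MELL proof
of $\vdash ((u : {\uparrow}A)^\perp \otimes (u : {\downarrow}A)^\perp) \parr H^\perp,\ (u : {\uparrow}A \otimes (\vec v : A \parr E)) \parr (u : {\downarrow}A \otimes F)$. By lemma 5 we can
replace the atomic formula $u : {\downarrow}A$ by $\vec v : A$ and the atomic formula $u : {\uparrow}A$ by $(\vec v : A)^\perp$, then we
get a proof of

\[ \vdash (\vec v : A \otimes (\vec v : A)^\perp) \parr H^\perp,\ ((\vec v : A)^\perp \otimes (\vec v : A \parr E)) \parr (\vec v : A \otimes F) \]

The following sequents are easily proved in MELL:

\[ \vdash H^\perp,\ (\vec v : A \parr (\vec v : A)^\perp) \otimes H \]

\[ \vdash (\vec v : A \parr ((\vec v : A)^\perp \otimes E^\perp)) \otimes ((\vec v : A)^\perp \parr F^\perp),\ E \parr (\vec v : A \otimes F) \]

so we get a proof of $\vdash H^\perp, (\vec v : A \otimes F) \parr E$ by composition, which justifies the typing:

\[
\cfrac{\cfrac{E \vdash P \qquad \vec v : A \otimes F \vdash Q[\vec v/\vec x]}{E \parr (\vec v : A \otimes F) \vdash P \mid Q[\vec v/\vec x]}\ \text{PARA}}{H \vdash P \mid Q[\vec v/\vec x]}\ \text{SUB}
\]

The case of a reduction on a non-linear channel is similar, with some extra work to handle
duplication; details can be found in appendix A.3. □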

Remark that the introduction of negated atoms in the proof above makes us go through
environment formulas that are not proper types, although composition by cut provides a subtyping
between environment types. These intermediate steps correspond to the introduction in our
system of axiom rules that transport arbitrary behaviours (here the $\vec v : A$) with no counterpart
in the terms, as a decomposition of the name passing mechanism. This is similar to the central
role of axioms in the proofs-as-schedules [3] paradigm.

2.3 The role of “new” 

The subject reduction property is formulated for reductions on private channels, i.e. names that 
are explicitly created in the term. Indeed, the property fails without this assumption: not only 
is the type not preserved (which is expected in the case of linear capabilities), but communicated 
data may not have proper types. For instance, in a typed term like 

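\[
\cfrac{\cfrac{E \vdash P}{u : {\uparrow}A \otimes (\vec v : A \parr E) \vdash \bar u\langle\vec v\rangle.P}\ \text{OUT} \qquad \cfrac{\vec x : B \otimes F \vdash Q}{u : {\downarrow}B \otimes F \vdash u(\vec x).Q}\ \text{IN}}{(u : {\uparrow}A \otimes (\vec v : A \parr E)) \parr (u : {\downarrow}B \otimes F) \vdash \bar u\langle\vec v\rangle.P \mid u(\vec x).Q}\ \text{PARA}
\]

the name $\vec v$ has type $A$ but the name $\vec x$ has type $B$, and there is no reason that $A$ and $B$ are
compatible, thus in general we cannot type the reduct $P \mid Q[\vec v/\vec x]$.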

We do not consider this a serious defect of the system, it is mostly a matter of presentation. 
Indeed, the purpose of typing is to ensure proper composition of processes, and the creation of 
channels is part of the composition operation. Therefore, composition only makes sense in the 
presence of name creation operators, and in the example above neither NEW$_1$ nor NEW$_\omega$ applies
if $A$ and $B$ do not match. We could reformulate our system so that situations like the one
above are forbidden by typing. A natural approach would be to enforce syntactic constraints on 
environment types, for instance that linear capability assignments occur at most once, that dual 
capability assignments have matching types, etc. We chose not to include such restrictions for 
simplicity, relying on the above justification. 

2.4 Properties of typed processes 

It can be proved that processes typed in our system are well-behaved: 

11 Theorem (termination). Typed processes have no infinite sequence of transitions on private 
names. 

12 Theorem (lock-freeness). In every execution of a typed closed term, every active output
eventually interacts with an input.

Proofs of these facts can be obtained by realisability techniques, as in previous work by the
author, or by syntactic means by relating execution with the cut-elimination procedure of
linear logic. We do not include proofs because they are out of the scope of this paper.
Nevertheless, a fundamental point in the arguments is that they rely on the consistency of linear logic
(through the cut-elimination property). In relaxations of the system introduced in section 3 we
will express systems which do not enjoy those properties, by means of inconsistent extensions of
this logic.

2.5 Variations 

The choice of the polyadic π-calculus in the presentation of our system is justified by the fact
that it is very expressive and also very standard. However, we can adapt our approach to most
variants of the calculus.


Asynchrony This is the restriction on outputs to have no continuations [7]. The typing of
a free output atom $\bar u\langle\vec v\rangle$, considered as a simple process $\bar u\langle\vec v\rangle.0$, is as follows:

\[
\cfrac{\cfrac{}{\bot \vdash 0}\ \text{NOP}}{u : {\uparrow}A \otimes (\vec v : A \parr \bot) \vdash \bar u\langle\vec v\rangle.0}\ \text{OUT}
\qquad\qquad
\cfrac{}{u : {\uparrow}A \otimes \vec v : A \vdash \bar u\langle\vec v\rangle}\ \text{OUT-ASYNC}
\]

where the simplified type is appropriate since it is linearly equivalent to the one on the left,
because of neutrality of $\bot$ for $\parr$. Apart from this rule, nothing is changed in the system for the
asynchronous π-calculus.


Internal mobility This is the restriction that output prefixes only communicate distinct
bound names. This simplifies the theory of the calculus and makes it symmetric like CCS.
In our type system, we also get the symmetry in typing rules. For this purpose we can introduce
duality over behaviour types:

13 Definition (duality). For a behaviour type $A$, the dual $\overline{A}$ is defined inductively as:

\[ \overline{{\uparrow}A} := {\downarrow}A \qquad \overline{{!}A} := {?}\overline{A} \qquad \overline{A \otimes B} := \overline{A} \parr \overline{B} \qquad \overline{1} := \bot \]
\[ \overline{{\downarrow}A} := {\uparrow}A \qquad \overline{{?}A} := {!}\overline{A} \qquad \overline{A \parr B} := \overline{A} \otimes \overline{B} \qquad \overline{\bot} := 1 \]

The dual $\overline{A}$ of a formula $A$ is a form of linear negation, except that the dual of a capability ${\uparrow}A$
is the capability ${\downarrow}A$, whereas negations keep capabilities unaffected in our environment formulas.
Note that we do not apply duality inside the capability, since we follow the approach of i/o
types, where this convention is the appropriate one. Nevertheless, logically, the output capability
contains a negation, as illustrated by the bound output rule below.
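
The duality of definition 13 and the annotation notation $\vec x : A$ of section 2.1, written out as an added Python example (not code from the paper). The class names, field names and the `new_star_premise` helper are this example's own assumptions.

```python
from dataclasses import dataclass
from typing import Union

# AST for the behaviour and environment types of table 1.
# Class and field names are this example's own, not the paper's.

@dataclass(frozen=True)
class Unit:            # "1" or "bot", the neutral elements
    name: str

@dataclass(frozen=True)
class Cap:             # capability: pol is "in" (input) or "out" (output)
    pol: str
    data: "Type"       # behaviour of the data the channel transports

@dataclass(frozen=True)
class Assign:          # capability assignment  x : T
    name: str
    cap: Cap

@dataclass(frozen=True)
class Mod:             # "!" or "?" applied to a capability or an assignment
    mod: str
    body: Union[Cap, Assign]

@dataclass(frozen=True)
class Bin:             # op is "tensor" or "par"
    op: str
    left: "Type"
    right: "Type"

Type = Union[Unit, Cap, Assign, Mod, Bin]
SYM = {"1": "1", "bot": "⊥", "in": "↓", "out": "↑", "tensor": "⊗", "par": "⅋"}
FLIP = {"1": "bot", "bot": "1", "in": "out", "out": "in",
        "tensor": "par", "par": "tensor", "!": "?", "?": "!"}

def dual(a: Type) -> Type:
    """Dual of a behaviour type, following definition 13."""
    if isinstance(a, Unit):
        return Unit(FLIP[a.name])
    if isinstance(a, Cap):
        # The polarity flips, but duality is NOT applied inside the capability.
        return Cap(FLIP[a.pol], a.data)
    if isinstance(a, Mod):
        return Mod(FLIP[a.mod], dual(a.body))
    if isinstance(a, Bin):
        return Bin(FLIP[a.op], dual(a.left), dual(a.right))
    raise TypeError(f"not a behaviour type: {a!r}")

def annotate(names, a: Type) -> Type:
    """Environment type written `names : A`: one name per capability, left to right."""
    pending = list(names)

    def go(t):
        if isinstance(t, Cap):
            if not pending:
                raise ValueError("fewer names than capabilities")
            return Assign(pending.pop(0), t)
        if isinstance(t, Mod):
            return Mod(t.mod, go(t.body))
        if isinstance(t, Bin):
            left = go(t.left)          # left operand first: left-to-right order
            return Bin(t.op, left, go(t.right))
        if isinstance(t, Unit):
            return t
        raise TypeError(f"not a behaviour type: {t!r}")

    env = go(a)
    if pending:
        raise ValueError("more names than capabilities")
    return env

def new_star_premise(names, a: Type) -> Type:
    """Channel part of a name creation for a whole tuple: names:A par names:dual(A)."""
    return Bin("par", annotate(names, a), annotate(names, dual(a)))

def show(t: Type) -> str:
    if isinstance(t, Unit):
        return SYM[t.name]
    if isinstance(t, Cap):
        return f"{SYM[t.pol]}({show(t.data)})"
    if isinstance(t, Assign):
        return f"{t.name} : {show(t.cap)}"
    if isinstance(t, Mod):
        return f"{t.mod}({show(t.body)})"
    return f"({show(t.left)} {SYM[t.op]} {show(t.right)})"

if __name__ == "__main__":
    # Constructed sample capabilities standing for T, U, V in the text's example.
    T, U, V = Cap("in", Unit("1")), Cap("out", Unit("bot")), Cap("out", Unit("1"))
    A = Bin("tensor", Bin("tensor", Bin("tensor",
            Bin("par", T, Unit("1")), Mod("?", U)), Unit("bot")), V)
    print(show(annotate("xyz", A)))
    print(show(dual(A)))
    print(show(new_star_premise("xyz", A)))
```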

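14 Lemma (generalised new). The following rule is derivable, assuming the tuple $\vec x$ is made of
pairwise distinct names:

\[ \cfrac{(\vec x : A \parr \vec x : \overline{A}) \otimes E \vdash P}{E \vdash (\nu\vec x)P}\ \text{NEW*} \]

Proof. This is proved by induction on $A$. The base case is when $A$ is a linear or exponential
capability, then one of the NEW rules applies directly. If $A = \bot$, then $\vec x$ is empty and we have
$(\vec x : A \parr \vec x : \overline{A}) \otimes E = (\bot \parr 1) \otimes E \simeq 1 \otimes E \simeq E$ so the rule holds by linear equivalence. The case
$A = 1$ is similar. If $A = B \parr C$ then $\vec x$ splits as $\vec y, \vec z$ so that we have

\[
\cfrac{\cfrac{\cfrac{((\vec y : B \parr \vec z : C) \parr (\vec y : \overline{B} \otimes \vec z : \overline{C})) \otimes E \vdash P}{(\vec z : C \parr \vec z : \overline{C}) \otimes (\vec y : B \parr \vec y : \overline{B}) \otimes E \vdash P}\ \text{SUB}}{(\vec y : B \parr \vec y : \overline{B}) \otimes E \vdash (\nu\vec z)P}\ \text{NEW*}}{E \vdash (\nu\vec y)(\nu\vec z)P}\ \text{NEW*}
\]

where the SUB rule is justified by a simple MLL proof. The case $A = B \otimes C$ is similar. □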
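Using this lemma, we can derive a typing rule for bound output:

\[
\cfrac{\cfrac{\cfrac{\vec x : \overline{A} \otimes E \vdash P}{u : {\uparrow}A \otimes (\vec x : A \parr (\vec x : \overline{A} \otimes E)) \vdash \bar u\langle\vec x\rangle.P}\ \text{OUT}}{u : {\uparrow}A \otimes (\vec x : A \parr \vec x : \overline{A}) \otimes E \vdash \bar u\langle\vec x\rangle.P}\ \text{SUB}}{u : {\uparrow}A \otimes E \vdash (\nu\vec x)\bar u\langle\vec x\rangle.P}\ \text{NEW*}
\qquad\qquad
\cfrac{\vec x : \overline{A} \otimes E \vdash P}{u : {\uparrow}A \otimes E \vdash \bar u(\vec x).P}\ \text{OUT-BOUND}
\]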

Fusions Our system can be extended to calculi with free input, such as the fusion
calculus. The appropriate formulation is with a preorder over names generated by “arcs”
$a/b$ which are explicit substitution atoms. The logical meaning of an arc is an implication
${!}(a : T \multimap b : T)$ for any capability type $T$: it allows a capability on $a$ to be used as a capability
on $b$; the modality is because the substitution is permanently available. The typing rule would
be an axiom like ${?}(a : T \otimes (b : T)^\perp) \vdash a/b$; this implies the handling of negative atoms, which
may have an impact on the structure of the system. We defer the formal development of this
extension to future work, since it exceeds the scope of the present paper.

3 Existing systems as fragments and extensions 

In this section, we describe formally how our system can express known type systems for processes, 
using relaxations and identifying fragments. By relaxation, we mean that we add new logical
rules to MELL in order to prove more subtypings. The resulting system need not be logically 
consistent, the minimal requirements are that the new rules preserve 

• the interpolation lemma, so that typing is still preserved under structural congruence, 

• the substitution lemma, so that subject reduction still holds. 

3.1 Linearity and i/o types 

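We show here how our system can express plain i/o types à la Pierce and Sangiorgi and their
extension with linearity by Kobayashi, Pierce and Turner [22] (hereafter referred to as KPT).
We develop the relationship only with KPT, since plain i/o types are its fragment without linear
types. We refer the reader to the original paper for the notations.

15 Definition. Let $\mathcal{L}$ be the fragment of KPT where

• in channel types, only pure input or output capabilities are used,

• linear channel creations must create both capabilities,

• the boolean data type is not used.

The translation $\llbracket\cdot\rrbracket$ maps channel types of $\mathcal{L}$ to channel types, tuples of channel types of $\mathcal{L}$ to
behaviour types and contexts of $\mathcal{L}$ to environment types as follows:

\[ \llbracket {!}^1 \tilde T \rrbracket := {\uparrow}\llbracket \tilde T \rrbracket \qquad \llbracket {?}^1 \tilde T \rrbracket := {\downarrow}\llbracket \tilde T \rrbracket \qquad \llbracket {!}^\omega \tilde T \rrbracket := {!}{\uparrow}\llbracket \tilde T \rrbracket \qquad \llbracket {?}^\omega \tilde T \rrbracket := {?}{\downarrow}\llbracket \tilde T \rrbracket \]

\[ \llbracket T_1 \ldots T_n \rrbracket := \llbracket T_1 \rrbracket \otimes \ldots \otimes \llbracket T_n \rrbracket \]

\[ \llbracket x : {!}^m \tilde T \rrbracket := x : \llbracket {!}^m \tilde T \rrbracket \qquad \llbracket x : {?}^m \tilde T \rrbracket := x : \llbracket {?}^m \tilde T \rrbracket \qquad \llbracket x : {\updownarrow}^m \tilde T \rrbracket := x : \llbracket {!}^m \tilde T \rrbracket \parr x : \llbracket {?}^m \tilde T \rrbracket \]

\[ \llbracket x_1 : T_1, \ldots, x_n : T_n \rrbracket := \llbracket x_1 : T_1 \rrbracket \otimes \ldots \otimes \llbracket x_n : T_n \rrbracket \]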

The restriction on channel types is of minor importance as it can be lifted by a simple 
coding: communicating channels with no capabilities is useless so it can be removed, and instead 
of communicating a channel with both capabilities, one can communicate each capability as 
distinct arguments. As for the restriction on channel creation, it is harmless since a channel 
created without both capabilities will never have any communication. The exclusion of booleans 
is simply because our system, for simplicity of presentation, does not include base data types; 
extension of the system with such types is not problematic. 

16 Theorem. A typing judgement $\Gamma \vdash P$ holds in $\mathcal{L}$ if and only if the judgement $\llbracket\Gamma\rrbracket \vdash P$ holds in
our system extended with the logical equivalences

\[ A \otimes B \simeq A \parr B \qquad 1 \simeq \bot \qquad {!}A \simeq {?}A \]

Sketch of proof. Using these equivalences, environment types, up to associativity, commutativity
and neutrality, are just multisets of capability assignments of the shape $x : T$ or ${!}x : T$. Moreover,
the multiplicity of each ${!}x : T$ does not matter. Similarly, behaviour types are now just tuples
of capabilities. This provides a reverse mapping from our types to those of $\mathcal{L}$. Then it is
easy to check that each typing rule in $\mathcal{L}$ can be derived in our system, which proves the direct
implication. For the reverse implication, we just have to check that our rules are also valid in
$\mathcal{L}$, only taking care of multiple occurrences of a name in an environment type by appropriate
constraints on the use of contraction. □

The addition of the logical equivalences can be achieved by adding to the proof rules of MELL 
any rules that implement these equations as linear equivalences (as new axiom rules or as new 
introduction rules for the connectives involved; these methods are equivalent). It is not hard to 
check that this relaxation does preserve the interpolation and substitution lemmas. Of course, 
lock-freeness and termination are lost, and this is directly related to the fact that the equivalences 
make the logic inconsistent: cut elimination is lost. 

3.2 Control, sequentiality, etc. 

In a series of works, Berger, Honda and Yoshida studied refinements of i/o types with
linearity where various properties are enforced including sequentiality, strong normalisation, or
the behaviour of functional computation with control. The latter system (hereafter called HYB,
we refer the reader to the paper for the notations) was put in precise correspondence with
proof nets for polarised linear logic by Honda and Laurent and this correspondence fits in
our system.

17 Definition. The translation $\llbracket\cdot\rrbracket$ from HYB types to behaviour types, HYB contexts to
environment types and processes to processes is defined as follows:

[(f) ? J : = t[f], |(f) ! ] := In... T n 1 := (![ti] ^ ?[ri]) <E> - - - <8> (![r„] Y ?[r„]) 

[a; : r 0 ] := lx : |[ro], \x : Tj] := lx : [tj] Y lx : [tj], 
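$\llbracket {!}x(y_1 \ldots y_n).P \rrbracket := {!}x(y_1 y'_1 \ldots y_n y'_n).\llbracket P \rrbracket$ with $y'_1, \ldots, y'_n$ fresh,

$\llbracket \bar x(y_1 \ldots y_n)P \rrbracket := (\nu y_1 \ldots y_n)(\bar x\langle y_1 y_1 \ldots y_n y_n\rangle \mid \llbracket P \rrbracket)$.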

This translation is essentially the isomorphism between π-calculus types à la HYB and
formulas of LLP, plus the capability indications. A crucial difference is that we have to code every
communication of a single name as the communication of a pair for the input and the output
capabilities, since in HYB an input type $(\tilde\tau)^!$ actually allows the presence of outputs, while our
type system does not allow sending both capabilities as a single argument. Through this
translation, we do capture HYB’s typing, and the following theorem is proved by writing translations
between the two systems:

18 Theorem. A judgement $\vdash P \triangleright x_1 : \tau_1, \ldots, x_n : \tau_n$ is derivable in HYB if and only if the judgement
$\llbracket x_1 : \tau_1 \rrbracket \otimes \ldots \otimes \llbracket x_n : \tau_n \rrbracket \vdash P$ is derivable in our system extended with the equations $A \otimes B \simeq A \parr B$
and $1 \simeq \bot$.

Again, the identification of dual connectives makes the underlying logic degenerate, and
indeed the logic above does not ensure normalisation. Honda and Laurent enumerate several
restrictions of this system: acyclicity of name dependence, input or output determinism, etc; in
our system, these restrictions mean that we do not identify dual connectives, then the theorem
above extends as an embedding of LLP /n c into our system.

The same approach can be used to handle other type systems of the same family, we leave 
the formalisation of the correspondence for those systems to future work. 

3.3 Session types 

Caires and Pfenning [8] formulated an equivalence between dyadic session types and
intuitionistic linear logic, using a suitable interpretation of the connectives: $u : A \multimap B$ means “on $u$,
receive a channel of type $A$ then proceed according to $B$”, dually $u : A \otimes B$ means “send a channel
of type $A$, then proceed according to $B$”. This implies that the type of a channel must change
during an interaction, following the progress of the session. This seems to be incompatible with
type systems in which a type is assigned to each channel in a static way, including the present
work, however the same authors with DeYoung and Toninho found a reformulation of their
correspondence (hereafter called DCPT) in the asynchronous π-calculus where this contradiction
vanishes. The trick is that these channels must never have more than one active occurrence per
polarity and this can be turned into linearity by applying to synchronous processes a translation
$\llbracket\cdot\rrbracket$ defined as follows:

\[ \llbracket u(x).P \rrbracket := u(x u').\llbracket P \rrbracket[u'/u] \qquad \llbracket \bar u\langle v\rangle.P \rrbracket := (\nu u')(\bar u\langle v u'\rangle \mid \llbracket P \rrbracket[u'/u]) \]

where $u'$ is a fresh name that represents the state of $u$ at the next step of interaction. Of course,
this translation does not make sense for general processes, but in the case of the interaction
discipline enforced by session types, this transformation is perfectly adequate.
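
The synchronous-to-asynchronous translation above, as an added Python example (not code from the paper or from DCPT). The AST classes, the fresh-name scheme `u'1, u'2, …` (source names are assumed to contain no apostrophe) and the homomorphic clauses for `0`, `|` and `ν`, which the text does not spell out, are assumptions of this example.

```python
import itertools
from collections import Counter
from dataclasses import dataclass

# Minimal process AST; class names are this example's own.
@dataclass(frozen=True)
class Nil:                 # inactive process 0
    pass

@dataclass(frozen=True)
class In:                  # chan(params).cont
    chan: str
    params: tuple
    cont: object

@dataclass(frozen=True)
class Out:                 # chan<args>.cont ; cont is Nil() for an asynchronous output
    chan: str
    args: tuple
    cont: object

@dataclass(frozen=True)
class Par:                 # left | right
    left: object
    right: object

@dataclass(frozen=True)
class New:                 # (nu name) body
    name: str
    body: object

def subst(p, new, old):
    """p[new/old] on free names; `new` is assumed fresh, so no capture can occur."""
    r = lambda n: new if n == old else n
    if isinstance(p, Nil):
        return p
    if isinstance(p, Out):
        return Out(r(p.chan), tuple(r(a) for a in p.args), subst(p.cont, new, old))
    if isinstance(p, In):
        # A parameter named `old` shadows it inside the continuation.
        cont = p.cont if old in p.params else subst(p.cont, new, old)
        return In(r(p.chan), p.params, cont)
    if isinstance(p, Par):
        return Par(subst(p.left, new, old), subst(p.right, new, old))
    if isinstance(p, New):
        return p if p.name == old else New(p.name, subst(p.body, new, old))
    raise TypeError(p)

def translate(p, ids=None):
    """Translation of a synchronous session process, following the two clauses above."""
    ids = ids if ids is not None else itertools.count(1)
    if isinstance(p, Nil):
        return p
    if isinstance(p, Par):                       # assumed homomorphic
        return Par(translate(p.left, ids), translate(p.right, ids))
    if isinstance(p, New):                       # assumed homomorphic
        return New(p.name, translate(p.body, ids))
    nxt = f"{p.chan}'{next(ids)}"                # fresh u': next state of the session
    body = translate(p.cont, ids)
    if isinstance(p, In):
        if p.chan not in p.params:               # otherwise u is shadowed in P
            body = subst(body, nxt, p.chan)
        return In(p.chan, p.params + (nxt,), body)
    if isinstance(p, Out):
        message = Out(p.chan, p.args + (nxt,), Nil())
        return New(nxt, Par(message, subst(body, nxt, p.chan)))
    raise TypeError(p)

def subject_uses(p, acc=None):
    """Count prefixes per (channel, polarity); binders are not renamed here."""
    acc = Counter() if acc is None else acc
    if isinstance(p, (In, Out)):
        acc[(p.chan, "in" if isinstance(p, In) else "out")] += 1
        subject_uses(p.cont, acc)
    elif isinstance(p, Par):
        subject_uses(p.left, acc)
        subject_uses(p.right, acc)
    elif isinstance(p, New):
        subject_uses(p.body, acc)
    return acc

if __name__ == "__main__":
    # Constructed session on u: receive x, send v, receive y.
    session = In("u", ("x",), Out("u", ("v",), In("u", ("y",), Nil())))
    print(subject_uses(session))
    print(translate(session))
    print(subject_uses(translate(session)))
```

In the constructed session the name `u` is the subject of three prefixes; after translation each of `u`, `u'1` and `u'2` is the subject of exactly one prefix, which is the linearity the text refers to.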

19 Theorem. Let [•] be the following translation from LL formulas to channel types: 

[1] := t_L \A 0 Bj := tfl^] 3? [L^]) flAJ := t?[A] 

IT] := -IT {A Y B\ := 4 -([Aj 3? [P]) [?A] := ^?[A] 

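$\llbracket x_1 : A_1, \ldots, x_n : A_n \rrbracket := x_1 : \llbracket A_1 \rrbracket \otimes \ldots \otimes x_n : \llbracket A_n \rrbracket$

If $\Gamma \vdash P :: x : A$ is derivable in DCPT then $\llbracket\Gamma\rrbracket \otimes x : \llbracket A^\perp \rrbracket \vdash P$ holds in our system.

If $\llbracket\Gamma\rrbracket \otimes x : \llbracket A^\perp \rrbracket \vdash P$ holds, then $\Gamma \vdash P' :: x : A$ is derivable in DCPT for some $P' \equiv P$.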

Proof. The direct implication simply consists in checking that each rule of DCPT translates in 
our system, which is straightforward. For the reverse implication, we establish a standardisation 
result for our type system (applied to the π-calculus with internal mobility) which essentially
eliminates the SUB rule by cut elimination; we just have to check that all permutations involved 
are structural congruences. □ 


4 Discussion 

More systems Our results are formulated in a $\pi$-calculus without choice using MELL as
a subtyping logic. We chose to present this system since it illustrates the fundamental ideas of
our approach, but it can be naturally extended to a type system for the $\pi$-calculus with choice,
more liberal replication, genericity [5] etc. using full linear logic, with additives and second-order
quantification.

We also conjecture that it should be possible to embed systems of a different kind using
modalities different from the ! and ? of linear logic. In particular, type systems that ensure
termination by stratification of names should correspond to using our basic system but replacing
MELL with a form of light logic where the operations on exponentials are constrained using
stratification techniques that are (at least superficially) similar.

Synchrony, or lack thereof The lock-freeness property that the system ensures is important
but it implies a serious defect of our system: it is very weak at dealing with prefixing. A
witness of this fact can be seen in the following derivation:

$$\dfrac{\dfrac{\dfrac{y : B \otimes E \vdash P}{v : {\downarrow}B \otimes E \vdash v(y).P}\;\text{IN}}{x : A \otimes F \vdash v(y).P}\;\text{SUB}}{u : {\downarrow}A \otimes F \vdash u(x).v(y).P}\;\text{IN}$$

Assuming that the names $u$, $v$, $x$, $y$ are all distinct, it is easy to prove (by reasoning on the MELL
proof of $\vdash (x : A)^\perp ⅋ F^\perp, v : {\downarrow}B \otimes E$) that $F$ can actually be written $v : {\downarrow}B \otimes F'$ up to
associativity and commutativity, and that subsequently the subtypings $x : A \otimes F' \leq E$ and
hence $x : A \otimes y : B \otimes F' \leq y : B \otimes E$ hold. Therefore the term $v(y).u(x).P$ will also be typeable
by the same type as above. Hence our types are preserved by the equivalence

u(x).v(y).P ~ v(y).u(x).P 

The same argument applies to output prefixes and commutation between inputs and outputs. A 
consequence of this observation is that any typed equivalence over processes must include the 
rule above, in other words our type system actually tells about a very asynchronous calculus 
(this is nearly the calculus of solos [23] with restrictions on scopes, except that prefixes can freely 
commute but not interact). 

A deep reason for this state of things is that the discipline on names in process composition
stems from proof composition in linear logic, which fundamentally works by enforcing acyclicity
and connectedness in connections between proofs [S], in a commutative context. Indeed, the
multiplicative connectives can be interpreted as follows:

• $E \otimes F \vdash P$ means that $P$ is expected to behave well in an environment that provides some
behaviour for $E$ and some behaviour for $F$, and those are independent.

• $E ⅋ F \vdash P$ means that $P$ is expected to behave well when these two behaviours are
correlated, i.e. some events in $E$ can be prefixed by events in $F$ and vice-versa.

With only this kind of information, there is no hope to have a type system that would accept
a.b | a.b but would reject a.b | b.a. The only way out of this problem is either to extend the logic
with non-commutative connectives, or to introduce other forms of dependencies, for instance
through quantification.

Semantics This paper does not discuss semantic aspects of logic and processes, however 
these are fundamental motivations of our approach. We claim that the method of starting with 
a very constrained system and then relaxing it in a controlled way using logical axioms should be
fruitful in this respect. 

Realisability can be used to extract interpretations of formulas and terms from syntax itself, 
using orthogonality as a generic form of testing. It is efficient, in particular, for specifying 
operational properties of processes, among which termination and lock-freeness. Capabilities 
get interpreted by basic operational definitions while logic is interpreted as in phase semantics, 
which justifies our use of entailment as subtyping since, in such semantics, $E \vdash F$ does imply
the inclusion of E into F. Besides, consistency of phase interpretation accepts some axioms (like 
the mix rule or arbitrary weakening) but not others, which justifies the effects of adding those 
axioms in our subtyping logic. 

Another promising direction is the use of denotational semantics of proofs as a way to build 
semantics of processes. Evidence for this can be found, for instance, in the relational model of 
linear logic: it is a non-trivial model of proofs, yet it supports the identification of opposite types, 
as used in section o to rebuild i/o types. Using an appropriate interpretation for capability 
types, this should provide meaningful denotational models for i/o-typed processes. Besides, the 
flexibility of the relational model makes it suitable to interpret differential linear logic, in which 
it is possible to formulate encodings of processes of the calculus of solos. Our approach thus
provides new tools for the study of denotational models of processes. This could for instance
extend a line of work of Varacca and Yoshida interpreting the $\pi$-calculus in event structures
using logical constructs.

A Technical appendix


A.1 Interpolation lemma (lemma IBP

Proof. We reason by induction on a cut-free proof $\pi$ of $\vdash \Gamma, \Delta$.

• If $\pi$ is an axiom rule, then three cases may occur:

— either $\Gamma$ and $\Delta$ are equal and are a single formula, then $F := A$ works,

— or $\Gamma = A^\perp, A$ for some $A$ and $\Delta$ is empty, then $F := \bot$ works,

— or $\Gamma$ is empty and $\Delta = A^\perp, A$ for some $A$, then $F := 1$ works.

• If $\pi$ is a $1$ rule then either $\Gamma = \emptyset$ and $\Delta = 1$ or $\Gamma = 1$ and $\Delta = \emptyset$. In either case, $\Gamma^\perp, \Delta$ is
a singleton $\{F\}$ where $F$ provides the expected result.


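• If $\pi$ ends with a $\bot$ rule, it has the shape

$$\dfrac{\vdash \Gamma', \Delta'}{\vdash \Gamma', \Delta', \bot}\;\bot \qquad\text{with}\qquad \Gamma = \Gamma',\ \Delta = \bot, \Delta' \quad\text{or}\quad \Gamma = \Gamma', \bot,\ \Delta = \Delta'$$

We can apply the induction hypothesis on $\vdash \Gamma', \Delta'$, yielding proofs of $\vdash \Gamma', F$ and $\vdash F^\perp, \Delta'$,
and conclude by adding a $\bot$ rule on the appropriate side.

• If $\pi$ ends with a $\otimes$ rule, it has the shape

$$\dfrac{\vdash \Gamma_1, A_1, \Delta_1 \qquad \vdash \Gamma_2, A_2, \Delta_2}{\vdash \Gamma_1, \Gamma_2, A_1 \otimes A_2, \Delta_1, \Delta_2}\;\otimes \qquad\text{with}\qquad \Gamma = \Gamma_1, \Gamma_2,\ \Delta = A_1 \otimes A_2, \Delta_1, \Delta_2 \quad\text{or}\quad \Gamma = \Gamma_1, \Gamma_2, A_1 \otimes A_2,\ \Delta = \Delta_1, \Delta_2$$

In the first case, we proceed as follows using the induction hypothesis on $\Gamma_i$ and $A_i, \Delta_i$ for
each $i$.

$$\dfrac{\dfrac{}{\vdash \Gamma_1, F_1}\;\text{IH} \qquad \dfrac{}{\vdash \Gamma_2, F_2}\;\text{IH}}{\vdash \Gamma_1, \Gamma_2, F_1 \otimes F_2}\;\otimes$$

$$\dfrac{\dfrac{\dfrac{}{\vdash F_1^\perp, A_1, \Delta_1}\;\text{IH} \qquad \dfrac{}{\vdash F_2^\perp, A_2, \Delta_2}\;\text{IH}}{\vdash F_1^\perp, F_2^\perp, A_1 \otimes A_2, \Delta_1, \Delta_2}\;\otimes}{\vdash F_1^\perp ⅋ F_2^\perp, A_1 \otimes A_2, \Delta_1, \Delta_2}\;⅋$$

These proofs provide the expected conclusions, with $F := F_1 \otimes F_2$. As for the constraints
on literals, the induction hypothesis gives us that the atoms in each $F_i$ are present both in
$\Gamma_i^\perp$ and in $A_i, \Delta_i$, hence the atoms in $F$ are present both in $\Gamma^\perp$ and in $\Delta$. The second case
is similar except that we get $F := F_1 ⅋ F_2$.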


• If $\pi$ ends with a ⅋ rule, it has the shape

$$\dfrac{\vdash \Gamma', A, B, \Delta'}{\vdash \Gamma', A ⅋ B, \Delta'}\;⅋ \qquad\text{with}\qquad \Gamma = \Gamma',\ \Delta = A ⅋ B, \Delta' \quad\text{or}\quad \Gamma = \Gamma', A ⅋ B,\ \Delta = \Delta'$$

In the first case we get a formula $F$ and proofs of $\vdash \Gamma', F$ and $\vdash F^\perp, A, B, \Delta'$ by induction
hypothesis, and from the second one we immediately deduce a proof of $\vdash F^\perp, A ⅋ B, \Delta'$,
so the same $F$ is appropriate. The second case is similar. The constraint on atoms is
immediately satisfied.

• If $\pi$ ends with a dereliction, weakening or contraction rule, we get the expected formula
immediately by induction hypothesis on the premiss.

• If $\pi$ ends with a promotion, it has the shape

$$\dfrac{\vdash ?\Gamma', A, ?\Delta'}{\vdash ?\Gamma', !A, ?\Delta'}\;! \qquad\text{with}\qquad \Gamma = ?\Gamma',\ \Delta = !A, ?\Delta' \quad\text{or}\quad \Gamma = ?\Gamma', !A,\ \Delta = ?\Delta'$$

In the first case we get a formula $F$ and proofs of $\vdash ?\Gamma', F$ and $\vdash F^\perp, A, ?\Delta'$, then by
dereliction and promotion we get $\vdash ?\Gamma', !F$ and $\vdash ?F^\perp, !A, ?\Delta'$ (promotion on $A$) so $!F$ is
appropriate. In the second case, similarly, we get $!F$ as the intermediate formula. □


A.2 Typing and structural congruence (lemma 8)

Proof. Thanks to lemma 01 it is enough to consider typing derivations where SUB rules only occur
right above NEW rules (since no structural congruence rule involves inputs).

For associativity, commutativity and neutrality in parallel composition, the associated
properties for ⅋ and $\bot$ are easily provable in multiplicative linear logic.

For scope extrusion, consider a typed term $P \mid (\nu x : A^k)Q$ where $x$ does not occur in $P$. The
typing derivation has the following shape:

$$\dfrac{E \vdash P \qquad \dfrac{[x]^k_A \otimes F \vdash Q}{F \vdash (\nu x : A^k)Q}\;\text{NEW}_k}{E ⅋ F \vdash P \mid (\nu x : A^k)Q}\;\text{PARA}$$

where $x$ does not occur in $E$ (since it does not occur in $P$) nor in $F$ (by the side condition in
$\text{NEW}_k$). Then we can write the following derivation:

$$\dfrac{\dfrac{\dfrac{E \vdash P \qquad [x]^k_A \otimes F \vdash Q}{E ⅋ ([x]^k_A \otimes F) \vdash P \mid Q}\;\text{PARA}}{[x]^k_A \otimes (E ⅋ F) \vdash P \mid Q}\;\text{SUB}}{E ⅋ F \vdash (\nu x : A^k)(P \mid Q)}\;\text{NEW}$$

where the subtyping is easily proved in MLL. For the reverse rule, the typing of a term
$(\nu x : A^k)(P \mid Q)$ has the following shape:

$$\dfrac{\dfrac{\dfrac{E \vdash P \qquad F \vdash Q}{E ⅋ F \vdash P \mid Q}\;\text{PARA}}{[x]^k_A \otimes G \vdash P \mid Q}\;\text{SUB}}{G \vdash (\nu x : A^k)(P \mid Q)}\;\text{NEW}$$

The subtyping judgement is a proof in MELL of $\vdash ([x]^k_A)^\perp ⅋ G^\perp, E ⅋ F$, which is equivalent to
$\vdash ([x]^k_A)^\perp, G^\perp, E, F$. By lemma O we can deduce that there exists a MELL formula $H$ such that
$\vdash G^\perp, E, H$ and $\vdash H^\perp, ([x]^k_A)^\perp, F$ are provable and the literals in $H$ occur both in $G, E^\perp$ and in
$([x]^k_A)^\perp, F$. By hypothesis $x$ does not occur in $P$ so it does not occur in $E$, by the side-condition
on $\text{NEW}_k$ it does not occur in $G$ either, therefore $x$ does not occur in $H$. Therefore the literals in
$H$ occur in $F$, which proves that $H$ only has positive literals, so it is an environment type. The
proofs of $\vdash G^\perp, E, H$ and $\vdash H^\perp, ([x]^k_A)^\perp, F$ induce subtypings $G \leq E ⅋ H$ and $[x]^k_A \otimes H \leq F$ so
we can conclude this case by the following typing:

$$\dfrac{\dfrac{E \vdash P \qquad \dfrac{\dfrac{F \vdash Q}{[x]^k_A \otimes H \vdash Q}\;\text{SUB}}{H \vdash (\nu x : A^k)Q}\;\text{NEW}}{E ⅋ H \vdash P \mid (\nu x : A^k)Q}\;\text{PARA}}{G \vdash P \mid (\nu x : A^k)Q}\;\text{SUB}$$

For commutation of restrictions, a typed term $(\nu x : A^k)(\nu y : B^\ell)P$ must have a derivation
of the following shape:

$$\dfrac{\dfrac{\dfrac{[y]^\ell_B \otimes E \vdash P}{E \vdash (\nu y : B^\ell)P}\;\text{NEW}}{[x]^k_A \otimes F \vdash (\nu y : B^\ell)P}\;\text{SUB}}{F \vdash (\nu x : A^k)(\nu y : B^\ell)P}\;\text{NEW}$$

From $[x]^k_A \otimes F \leq E$ we deduce $[x]^k_A \otimes [y]^\ell_B \otimes F \leq [y]^\ell_B \otimes E$, so we have the following typing:

$$\dfrac{\dfrac{\dfrac{[y]^\ell_B \otimes E \vdash P}{[x]^k_A \otimes [y]^\ell_B \otimes F \vdash P}\;\text{SUB}}{[y]^\ell_B \otimes F \vdash (\nu x : A^k)P}\;\text{NEW}}{F \vdash (\nu y : B^\ell)(\nu x : A^k)P}\;\text{NEW}$$

which validates the case of commutation. □

A.3 Subject reduction (theorem 10)

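Proof. Thanks to lemma 8 we can reason up to structural congruence. For an interaction step
between linear actions, we have $(\nu u : A^1)(\bar{u}\langle v\rangle.P \mid u(x).Q) \to P \mid Q[v/x]$. The left-hand side is
typed as follows:

$$\dfrac{\dfrac{\dfrac{\dfrac{E \vdash P}{u : {\uparrow}A \otimes (v : A ⅋ E) \vdash \bar{u}\langle v\rangle.P}\;\text{OUT} \qquad \dfrac{x : A \otimes F \vdash Q}{u : {\downarrow}A \otimes F \vdash u(x).Q}\;\text{IN}}{(u : {\uparrow}A \otimes (v : A ⅋ E)) ⅋ (u : {\downarrow}A \otimes F) \vdash \bar{u}\langle v\rangle.P \mid u(x).Q}\;\text{PARA}}{[u]^1_A \otimes H \vdash \bar{u}\langle v\rangle.P \mid u(x).Q}\;\text{SUB}}{H \vdash (\nu u : A^1)(\bar{u}\langle v\rangle.P \mid u(x).Q)}\;\text{NEW}_1$$

with the hypothesis that no name in $x$ occurs in $F$. The natural typing for the reduct is obtained
as follows:

$$\dfrac{E \vdash P \qquad v : A \otimes F \vdash Q[v/x]}{E ⅋ (v : A \otimes F) \vdash P \mid Q[v/x]}\;\text{PARA}$$

By lemma O in the subtyping $[u]^1_A \otimes H \leq (u : {\uparrow}A \otimes (v : A ⅋ E)) ⅋ (u : {\downarrow}A \otimes F)$ we can replace
the atomic formula $u : {\downarrow}A$ by $v : A$ and the atomic formula $u : {\uparrow}A$ by $(v : A)^\perp$, then we get a
proof of

$$\vdash ((v : A)^\perp \otimes v : A) ⅋ H^\perp,\ ((v : A)^\perp \otimes (v : A ⅋ E)) ⅋ (v : A \otimes F)$$

The sequents

$$\vdash H^\perp,\ (v : A ⅋ (v : A)^\perp) \otimes H$$

$$\vdash (v : A ⅋ ((v : A)^\perp \otimes E^\perp)) \otimes ((v : A)^\perp ⅋ F^\perp),\ E ⅋ (v : A \otimes F)$$

are easily provable in MLL so by the cut rule we get a proof of $\vdash H^\perp, (v : A \otimes F) ⅋ E$ by which
we can conclude with the typing of the reduct:

$$\dfrac{\dfrac{E \vdash P \qquad v : A \otimes F \vdash Q[v/x]}{E ⅋ (v : A \otimes F) \vdash P \mid Q[v/x]}\;\text{PARA}}{H \vdash P \mid Q[v/x]}\;\text{SUB}$$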

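For an interaction step involving a replicated input, we have

$$(\nu u : A^\omega)(\bar{u}\langle v\rangle.P \mid\, !u(x).Q \mid R) \;\to\; (\nu u : A^\omega)(P \mid Q[v/x] \mid\, !u(x).Q \mid R).$$

The left-hand side is typed as follows:

$$\dfrac{\dfrac{\dfrac{\dfrac{E \vdash P}{u : {\uparrow}A \otimes (v : A ⅋ E) \vdash \bar{u}\langle v\rangle.P}\;\text{OUT} \qquad \dfrac{x : A \otimes F^{!} \vdash Q}{?u : {\downarrow}A \otimes F^{!} \vdash\, !u(x).Q}\;\text{IN!} \qquad G \vdash R}{(u : {\uparrow}A \otimes (v : A ⅋ E)) ⅋ (?u : {\downarrow}A \otimes F^{!}) ⅋ G \vdash \bar{u}\langle v\rangle.P \mid\, !u(x).Q \mid R}\;\text{PARA}}{[u]^\omega_A \otimes H \vdash \bar{u}\langle v\rangle.P \mid\, !u(x).Q \mid R}\;\text{SUB}}{H \vdash (\nu u : A^\omega)(\bar{u}\langle v\rangle.P \mid\, !u(x).Q \mid R)}\;\text{NEW}_\omega$$

Then we can deduce the following typing for the reduct without $(\nu u : A^\omega)$:

$$\dfrac{E \vdash P \qquad v : A \otimes F^{!} \vdash Q[v/x] \qquad \dfrac{x : A \otimes F^{!} \vdash Q}{?u : {\downarrow}A \otimes F^{!} \vdash\, !u(x).Q}\;\text{REP} \qquad G \vdash R}{E ⅋ (v : A \otimes F^{!}) ⅋ (?u : {\downarrow}A \otimes F^{!}) ⅋ G \vdash P \mid Q[v/x] \mid\, !u(x).Q \mid R}\;\text{PARA}$$

The instance of SUB in the first typing uses a proof of

$$\vdash (?(u : {\uparrow}A)^\perp \otimes !(u : {\downarrow}A)^\perp) ⅋ H^\perp,\ (u : {\uparrow}A \otimes (v : A ⅋ E)) ⅋ (?u : {\downarrow}A \otimes F^{!}) ⅋ G$$

Let $O := u : {\uparrow}A$ (output), $I := u : {\downarrow}A$ (input) and $V := v : A$ (value). The sequent above is

$$\vdash (?O^\perp \otimes !I^\perp) ⅋ H^\perp,\ (O \otimes (V ⅋ E)) ⅋ (?I \otimes F^{!}) ⅋ G$$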


Because of the side condition in the rule $\text{NEW}_\omega$ the name $u$ does not occur in $H$ so there is no
other occurrence of the literal $O^\perp$ in the above sequent, hence the linear atom $O$ can only be
introduced as follows, up to permutations of rules:

$$\dfrac{\dfrac{}{\vdash O^\perp, O}\;\text{AX}}{\vdash ?O^\perp, O}\;?$$

If we replace this with

$$\dfrac{\dfrac{}{\vdash V^\perp, V}\;\text{AX}}{\vdash ?O^\perp, V^\perp, V}$$

and we introduce a ⅋ between $?O^\perp$ and $V^\perp$ just before $?O^\perp$ is involved in a tensor rule, we
replace $O$ with $V$ in the proof above and we get a proof of

$$\vdash ((?O^\perp ⅋ V^\perp) \otimes !I^\perp) ⅋ H^\perp,\ (V \otimes (V ⅋ E)) ⅋ (?I \otimes F^{!}) ⅋ G$$

The subformula $?I$ is necessarily introduced by a (possibly $\eta$-expanded) axiom rule that
introduces $!I^\perp$, besides the latter only occurs once so $?I$ is only introduced once and thus is not
involved in any contraction (except possibly with formulas introduced by weakening, but this
case can be eliminated), so we can replace this axiom by an axiom on any formula and get another
valid proof. Using the formula $V^\perp ⅋ ?I$ we get

$$\vdash ((?O^\perp ⅋ V^\perp) \otimes (V \otimes !I^\perp)) ⅋ H^\perp,\ (V \otimes (V ⅋ E)) ⅋ ((V^\perp ⅋ ?I) \otimes F^{!}) ⅋ G$$

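Composing this with the following proofs:

$$
\dfrac{
  \dfrac{
    \dfrac{
      \dfrac{
        \dfrac{\dfrac{}{\vdash ?O^\perp, !O}\;\text{AX} \quad \dfrac{}{\vdash V, V^\perp}\;\text{AX}}{\vdash ?O^\perp, !O \otimes V, V^\perp}\;\otimes
        \quad
        \dfrac{}{\vdash !I^\perp, ?I}\;\text{AX}
      }{\vdash ?O^\perp \otimes !I^\perp, !O \otimes V, V^\perp, ?I}\;\otimes
    }{\vdash ?O^\perp \otimes !I^\perp, (!O \otimes V) ⅋ (V^\perp ⅋ ?I)}\;⅋
    \quad
    \dfrac{}{\vdash H^\perp, H}\;\text{AX}
  }{\vdash ?O^\perp \otimes !I^\perp, H^\perp, ((!O \otimes V) ⅋ (V^\perp ⅋ ?I)) \otimes H}\;\otimes
}{\vdash (?O^\perp \otimes !I^\perp) ⅋ H^\perp, ((!O \otimes V) ⅋ (V^\perp ⅋ ?I)) \otimes H}
$$

and

$$
\dfrac{
  \dfrac{
    \dfrac{
      \dfrac{\dfrac{}{\vdash V^\perp, V \otimes E^\perp, E}\;\text{AX, AX, }\otimes}{\vdash V^\perp ⅋ (V \otimes E^\perp), E}\;⅋
      \quad
      \dfrac{
        \dfrac{
          \dfrac{
            \dfrac{\dfrac{}{\vdash V^\perp, V}\;\text{AX} \quad \dfrac{}{\vdash (F^{!})^\perp, F^{!}}\;\text{AX}}{\vdash V^\perp, (F^{!})^\perp, V \otimes F^{!}}\;\otimes
            \quad
            \dfrac{\dfrac{}{\vdash !I^\perp, ?I}\;\text{AX} \quad \dfrac{}{\vdash (F^{!})^\perp, F^{!}}\;\text{AX}}{\vdash !I^\perp, (F^{!})^\perp, ?I \otimes F^{!}}\;\otimes
          }{\vdash V^\perp \otimes !I^\perp, (F^{!})^\perp, (F^{!})^\perp, V \otimes F^{!}, ?I \otimes F^{!}}\;\otimes
        }{\vdash V^\perp \otimes !I^\perp, (F^{!})^\perp, V \otimes F^{!}, ?I \otimes F^{!}}\;\text{C}
      }{\vdash (V^\perp \otimes !I^\perp) ⅋ (F^{!})^\perp, V \otimes F^{!}, ?I \otimes F^{!}}\;⅋
    }{\vdash (V^\perp ⅋ (V \otimes E^\perp)) \otimes ((V^\perp \otimes !I^\perp) ⅋ (F^{!})^\perp), E, V \otimes F^{!}, ?I \otimes F^{!}}\;\otimes
    \quad
    \dfrac{}{\vdash G^\perp, G}\;\text{AX}
  }{\vdash (V^\perp ⅋ (V \otimes E^\perp)) \otimes ((V^\perp \otimes !I^\perp) ⅋ (F^{!})^\perp) \otimes G^\perp, E, V \otimes F^{!}, ?I \otimes F^{!}, G}\;\otimes
}{\vdash (V^\perp ⅋ (V \otimes E^\perp)) \otimes ((V^\perp \otimes !I^\perp) ⅋ (F^{!})^\perp) \otimes G^\perp, E ⅋ (V \otimes F^{!}) ⅋ (?I \otimes F^{!}) ⅋ G}
$$

we get

$$\vdash (?O^\perp \otimes !I^\perp) ⅋ H^\perp,\ E ⅋ (V \otimes F^{!}) ⅋ (?I \otimes F^{!}) ⅋ G$$

that is

$$\vdash (?(u : {\uparrow}A)^\perp \otimes !(u : {\downarrow}A)^\perp) ⅋ H^\perp,\ E ⅋ (v : A \otimes F^{!}) ⅋ (?(u : {\downarrow}A) \otimes F^{!}) ⅋ G$$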


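hence we have

$$\dfrac{\dfrac{\dfrac{E \vdash P \qquad v : A \otimes F^{!} \vdash Q[v/x] \qquad \dfrac{x : A \otimes F^{!} \vdash Q}{?u : {\downarrow}A \otimes F^{!} \vdash\, !u(x).Q}\;\text{REP} \qquad G \vdash R}{E ⅋ (v : A \otimes F^{!}) ⅋ (?u : {\downarrow}A \otimes F^{!}) ⅋ G \vdash P \mid Q[v/x] \mid\, !u(x).Q \mid R}\;\text{PARA}}{(?(u : {\uparrow}A) ⅋ !(u : {\downarrow}A)) \otimes H \vdash P \mid Q[v/x] \mid\, !u(x).Q \mid R}\;\text{SUB}}{H \vdash (\nu u : A^\omega)(P \mid Q[v/x] \mid\, !u(x).Q \mid R)}\;\text{NEW}_\omega$$

which concludes the proof. □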